Getting Data In

Where can I find a complete list of data source types that can be indexed in Splunk?

kartvasilii
New Member

Hi,
Could you tell me, do you have sort of "list of supported data sources"?
Actually, I want to know complete list of connectors to data source types supported in Splunk Enterprise.
Thanks!

Tags (3)
0 Karma
1 Solution

MarioM
Motivator

With Splunk there is no such thing as "list of supported data sources" as:
- we take any ascii data
- we have schema on the fly where data knowledge happened at search time and can be modified/created at anytime.http://docs.splunk.com/Documentation/Splunk/6.1.4/Knowledge/WhatisSplunkknowledge
- we have nearly 600 apps providing data knowledge,reports and dashboards. https://apps.splunk.com

View solution in original post

MarioM
Motivator

With Splunk there is no such thing as "list of supported data sources" as:
- we take any ascii data
- we have schema on the fly where data knowledge happened at search time and can be modified/created at anytime.http://docs.splunk.com/Documentation/Splunk/6.1.4/Knowledge/WhatisSplunkknowledge
- we have nearly 600 apps providing data knowledge,reports and dashboards. https://apps.splunk.com

DUThibault
Contributor

MarioM is being much too restrictive: Splunk can consume any text data, not just ASCII. UTF-8 is well-supported, for instance. See [https://answers.splunk.com/answers/137342/splunk-cannot-index-and-search-charset-utf-8-without-bom.h... this answer] where it is mentioned one can add CHARSET to the props.conf of any source input.

0 Karma

kartvasilii
New Member

How I understood, it supports:
1. Files\Directories monitoring (remote and local)
2. Windows Event Log collection (local via event log channels and remote via WMI)
3. Windows Performance Monitoring (local via PHD API and remote via WMI)
4. AD changes monitoring
5. Local Windows Registry cahnges
6. SNMP traps.
7. Data collection from UDP and TCP ports
8. Collection data from FIFO
9. Scripted Inputs (remote and local)

Sorry, if I made a mistake

0 Karma

MarioM
Motivator

if you are doing a competitive analysis i would recommend you to contact splunk Sales Engineering team as they will have plenty of infos to share with you

kartvasilii
New Member

Thanks for the information Ayn.
Let me change my question.
What kind of collection mechanisms Splunk Enterprise supports from-the-box (without apps instalation)?

0 Karma

kartvasilii
New Member

How I understood from this documentation:
1. Splunk doesn't support netflow (or other protocols)?
2. Splunk doesn't suppor ODBC or JDBS?
3. Splunk doesn't support SSH/Telnet?

Is this right?

0 Karma

Ayn
Legend

Splunk supports scripted inputs which means you're totally free to implement whatever input type you like. There's an app for for netflow, so it supports netflow. There's an app for grabbing database input and there's an ODBC driver that you can use, so it supports that. I don't know how you would expect to index anything using telnet.

kartvasilii
New Member

Ok, In this case
Could you tell me, do you have a list of available collection mechanism?
Sort of:
Remote collection:
* ODBS
* SSH/Telnet
* ...
Local collection:
* Windows files
* Linux files
* ...
Passive collection:
* SNMP
* SysLog
* NetFlow
* ...

0 Karma

MuS
SplunkTrust
SplunkTrust

as addition:

There is a full list of known/pretrained sourcetypes available on docs http://docs.splunk.com/Documentation/Splunk/6.1.4/Data/Listofpretrainedsourcetypes

kartvasilii
New Member

In other words, I want to know, what kind of data and from what kind of sources (I mean OS (Windows, Linux,...), Network Devices (Cisco, Juniper, ...) ...) can be received by a Splunk Indexer?

0 Karma

MarioM
Motivator

any kind from the moment it is ascii and you have a mechanism to collect it: http://docs.splunk.com/Documentation/Splunk/6.1.4/Data/WhatSplunkcanmonitor

kartvasilii
New Member

So, Can Splunk take any type of data from any type of sources (juniper, cisco, RADIUS, ...)?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...